Three Approaches to IoT Security: Part Two

There is no single path to securing mobile devices and networks. This article, the second in our three-part series, focuses on how one startup company is leveraging blockchain technology and a type of cryptography called telehash.

When it comes to security, the IoT is already broken. That's what Paul Brody has spiritedly argued since he led IBM's mobile and Internet of Things services business (in April 2015 he moved to Ernst & Young, where he serves as the company's technology sector strategy leader for the Americas). By following a centralized, cloud-based approach to networking IoT devices, Brody told a conference last year, "we've created the most delicious pot of data that any hacker could possibly want."

"In a network of the scale of the IoT, trust can be very hard to engineer and expensive, if not impossible, to guarantee. For widespread adoption of the ever-expanding IoT, however, privacy and anonymity must be integrated into its design by giving users control of their own privacy.

"Current security models based on closed source approaches (often described as 'security through obscurity') are obsolete and must be replaced by a newer approach—security through transparency. For this, a shift to open source is required. And while open source systems may still be vulnerable to accidents and exploitable weaknesses, they are less susceptible to government and other targeted intrusion, for which home automation, connected cars and the plethora of other connected devices present plenty of opportunities."

Brody advocates using blockchain technology as an IoT building block. The digital currency system bitcoin employs a cryptographic blockchain to handle financial transactions using a public ledger. But blockchain can be used to perform a range of other types of transactions in a decentralized manner. One can utilize it to process agreements, create and exchange tokens or authorizations, or simply send tweets.

Just as bitcoin operates without a bank, IoT devices could operate without a centralized cloud server, using the blockchain as a digital ledger that enables transaction processing on any device rather than routing it through a central server.
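
The ledger idea described above, as an added example that is not from the original article or any project it mentions: a minimal hash-chained ledger of device authorizations that each device can verify and replay on its own copy instead of asking a central server. It goes beyond the text by modelling grant and revoke records, and it omits the consensus and signatures a real blockchain needs; the device names and record fields are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder: predecessor of the first entry


def entry_hash(prev_hash, payload):
    """Hash an entry together with its predecessor so entries are chained."""
    body = json.dumps({"prev": prev_hash, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


def append(ledger, payload):
    """Append a transaction (here: an authorization grant or revocation)."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"prev": prev, "payload": payload,
                   "hash": entry_hash(prev, payload)})


def verify(ledger):
    """Return the index of the first broken entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["payload"]):
            return i
        prev = e["hash"]
    return -1


def is_authorized(ledger, device, action):
    """Replay the local replica; refuse if the replica fails verification."""
    if verify(ledger) != -1:
        return False
    allowed = False
    for p in (e["payload"] for e in ledger):
        if p["device"] == device and p["action"] == action:
            allowed = (p["op"] == "grant")  # the latest matching record wins
    return allowed


def demo():
    ledger = []
    append(ledger, {"op": "grant", "device": "lock-01", "action": "unlock"})
    append(ledger, {"op": "grant", "device": "cam-07", "action": "stream"})
    append(ledger, {"op": "revoke", "device": "cam-07", "action": "stream"})
    replica = json.loads(json.dumps(ledger))  # copy held by another device
    before = (is_authorized(replica, "lock-01", "unlock"),
              is_authorized(replica, "cam-07", "stream"))
    replica[2]["payload"]["op"] = "grant"  # a stored entry altered after the fact
    return before, verify(replica), is_authorized(replica, "cam-07", "stream")
```

Because every entry's hash covers its predecessor, a device holding a replica detects an altered record locally and fails closed rather than honoring it.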